ENTRUST nSHIELD 5s
Entrust nShield 5s HSMs
nShield 5s HSMs are PCIe cards that perform encryption, digital signing, and key generation for an extensive range of commercial and custom-built applications, including certificate authorities, code signing, and more. With their comprehensive capabilities and quantum crypto-agility, they are 100% compatible with existing nShield HSM deployments and APIs, and they are highly secure, with FIPS-140-3 Level 3 certification (expected June 2023).
Models
The nShield 5s HSM series includes the new high-performance nShield 5s High, which offers superior asymmetric and symmetric performance and best-in-class elliptic curve cryptography (ECC) transaction rates.
nShield 5s Benefits
nShield HSM 通过 Security World 架构集成在统一的生态系统当中,可为您提供可扩展性和负载平衡等功能。
nShield 5s HSMs are ideal for enterprise retail, IoT 5G, and other environments where throughput is critical.
在 nShield 的边界内执行代码,保护您的应用程序及其处理的数据。
详情
- 单击选择...
技术规格
通过认证的硬件解决方案
Entrust has earned a broad set of certifications for nShield HSM products. These certifications help our customers to demonstrate compliance while also helping to give them the assurance that their nShield HSMs meet stringent industry standards.
安全和环境标准合规性
- UL, CE, FCC, Canada ICES, KC, VCCI, RCM, UKCA RoHS, WEEE, REACH
安全合规性
- FIPS 140-3 Level 3 (expected June 2023)
- BSI AIS 20/31 compliant
支持的 API
- PKCS#11, OpenSSL, Java (JCE), Microsoft CAPI and CNG, nCore, and Web Services
支持的加密算法
- Full NIST Suite B implementation
- Asymmetric algorithms: RSA, Diffie-Hellman, ECMQV, DSA, El- Gamal, KCDSA, ECDSA (including NIST, Brainpool & secp256k1 curves), ECDH, Edwards (Ed25519, Ed25519ph)
- Symmetric algorithms: AES, AES-GCM, Arcfour, ARIA, Camellia, MD5 HMAC, RIPEMD160 HMAC, SEED, SHA-1 HMAC, SHA-224 HMAC, SHA-256 HMAC, SHA-384 HMAC, SHA-512 HMAC, Tiger HMAC, 3DES
- Hash/message digest: MD5, SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160, RIPEMD160, SHA-3 (224, 256, 384, 512 bit)
- Elliptic Curve Key Agreement (ECKA) available via Java API and nCore APIs
- Elliptic Curve Integrated Encryption Scheme (ECIES) available via Java API, PKCS#11 and nCore APIs
- TUAK & MILENAGE algorithm support for mutual authentication and key generation (3GPP)
- NIST short-listed post-quantum cryptographic algorithms supported using the nShield Post-Quantum SDK with CodeSafe
支持的平台
Windows and Linux operating systems including distributions from Red Hat and SUSE.
可靠性
使用 Telcordia SR-332 “电子设备可靠性预测程序” MTBF 标准在 25°C 的工作温度下进行计算
- nShield 5s HSM: 1,702,841 hours
| nShield 5s models | Base | Mid | 高 | |||
|---|---|---|---|---|---|---|
| RSA signing performance (tps) for NIST recommended key lengths | ||||||
| 2048 位 | 670 | 3,949 | 13,614 | |||
| 4096 位 | 135 | 814 | 2,200 | |||
| 8192 bit | 19 | 115 | 309 | |||
| ECC prime curve signing performance (tps) for NIST recommended key lengths | ||||||
| 256 位 | 2,085 | 7,553 | 21,826 | |||
| 521 bit | 1,010 | 5,977 | 16,164 | |||
| Key generation (key/sec) | ||||||
| RSA 2048 bit | 7 | 20 | 23 | |||
| ECDSA P-256 bit | 1,040 | 3,580 | 3,494 | |||
| ECDSA P-521 bit | 518 | 2,480 | 2,724 | |||
| Key agreement performance (transaction/sec) | ||||||
| ECDH P-256 bit | 2,085 | 7,550 | 21,436 | |||
Each nShield 5s HSM is supplied with an external smart card reader for local use.
选项和配件
性能评级和选项
We have a variety of nShield 5s models to meet your performance needs. You can select among the performance models shown in the Tech Specs tab and can also purchase in-field upgrades from lower nShield 5s performance models to higher performance models.
软件选项包
Entrust offers a range of software option packs that can be used in conjunction with your nShield HSMs.
nShield Monitor 系统
nShield Monitor 是一个监控平台,可帮助您获得 nShield HSM 运行状态的全天候可见性。 借助该解决方案,安全团队可以高效地检查 HSM 状态,迅速发现可能会危及任务关键型基础设施的任何潜在的安全、配置或使用问题。
远程管理模块
nShield Remote Administration lets operators manage distributed nShield HSMs – including adding applications, upgrading firmware, checking status, re-booting and more – from their office locations, reducing travel and saving money. Remote Administration Kits contain the hardware and software needed to set up and use the tool.
CodeSafe
CodeSafe is a powerful, secure environment that lets you execute applications within the secure boundaries of nShield HSMs. Sample applications include digital meters, authentication agents, digital signature agents and custom encryption processes. CodeSafe is available with FIPS Level 3 certified network attached and PCIe nShield HSMs
CipherTools
CipherTools 是一套包含教程、参考文档、示例程序和其他库的工具包。 借助此工具包,开发人员可以充分利用 nShield HSM 的高级集成功能。 除了为标准 API 提供支持外,该工具包还支持您使用 nShield HSM 运行自定义应用程序。 CipherTools 包含在 Security World 软件的 ISO/DVD 中,免费向您提供。
KCDSA 激活
With the KCDSA activation license, you can use the Korean Certificate-based Digital Signature Algorithm (KCSDA) as well as HAS-160, SEED, and ARIA algorithms on nShield HSMs.
智能卡读卡器机架
For organizations deploying one or more nShield 5s modules in a 19" rack, the optional nShield smart card reader rackmount provides a practical and clean solution for attaching card readers in the data center. The rackmount is 1U in height and can be equipped with up to four smart card readers, which come standard with nShield 5s cards. Each unit is packaged with three blanking plates to cover any unused slots.
相关产品
Subscription-based service for generating, accessing, and protecting cryptographic keys with dedicated FIPS certified network-attached HSMs.
Reduce integration and gain simplicity using this API, providing a simple interface between cloud based applications and HSMs
Reduce travel time and costs by managing your geographically distributed nShield HSMs from your local office.